Help?! Possible global hacker attack by Citrix vulnerability

Potentially, some 80,000 companies worldwide are at risk.

The known vulnerability with the identifier CVE-2019-19781 can pose a significant threat to many organizations. Several Citrix products are affected. A patch for this critical zero-day vulnerability is not expected to be released until the end of January; until then, workarounds have been made available.

The top 5 countries involved are: the United States, the United Kingdom, Germany, the Netherlands and Australia. More than 2000 servers with this vulnerability have already been discovered in Germany alone.

Depending on the configuration, Citrix applications can be used to connect workstations and business-critical systems (including ERP). In almost all cases, these are accessible at the edge of the company network and are therefore attacked first.

In recent weeks, security researchers have continuously scanned for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers. Numerous exploits have been published that enable attackers to take control of devices. CVE-2019-19781 has been rated 9.8 (Critical) as its CVSS v3.1 base score. A successful attack gives unauthorized attackers access to folders and lets them execute arbitrary code. The result of such an attack: encryption of files or exfiltration of sensitive data.

Panda customers can breathe a sigh of relief!

The dynamic anti-exploitation technology in combination with the 100% Attestation Service monitors the behavior of all processes and looks for abnormalities. This is highly effective, regardless of the means used in the attack (including zero-day attacks), and prevents the exploitation of as yet uncovered security vulnerabilities – whether known or unknown.

Even non-Panda users can rest easy!

Contact our IT security experts (+49 (0) 2065 961-0) and let them convince you of our simple and fast solution. The Panda Agent can be deployed quickly and easily in your IT system – in parallel with your existing security concept.

So if a system cannot be patched completely due to dependencies on other software – as in the case of the Citrix vulnerability – the vulnerability remains, but Panda Security’s Adaptive Defense 360 automatically prevents this vulnerability from being exploited. Previously infected endpoints can be immediately quarantined and disinfected without affecting your workflow.

With Panda’s Advanced Reporting Tool (ART), you can draw detailed conclusions from the company’s IT and security management with a single click. Indeed, the analysis of all of a company’s telemetry data – even data that is not considered security relevant or is classified as harmless – plays a crucial role.

Protect your business now, before you fall victim to such an attack.

Code that is not yet malicious may not be executed immediately, but at a later date. That’s why it’s necessary to adapt your IT infrastructure to the latest technological standard: to classify 100% of the processes running in the company network proactively and in real time. Adaptive Defense 360 offers you this and also protection against zero-day exploits, which are ignored in most companies and organizations.

In addition, it is Citrix certified, so implementation in larger VDI (Virtual Desktop Infrastructure) environments is no challenge.

Below is the current schedule of expected patches and releases:

About Panda Defense

Panda Adaptive Defense is an innovative cybersecurity solution for desktops, laptops and servers, delivered from the cloud. It automates the prevention, detection, containment and response against any present or future advanced attacks, zero-day malware, ransomware, phishing, memory exploits and malwareless attacks, inside and outside the corporate network.

It differs from other solutions in that it combines the widest range of protection technologies (EPP) with automated EDR capabilities, thanks to two services managed by Panda Security experts, and delivered as features of the solution:

A single dashboard provides a global vision and consolidated management prioritizing detected threats

100% Attestation Service.

Threat Hunting and Investigation Service (THIS).

Thanks to its cloud architecture, the agent is light and does not impact the performance of endpoints, which are managed through a single cloud console, even when not connected to the Internet.